The New South Wales Police has charged four members of an alleged fraud syndicate, as part of an ongoing investigation into business email compromise (BEC) scams run across the state.
Strike Force Woolana investigators, assisted by Australian Border Force (ABF), executed three search warrants at the Villawood Immigration Detention Centre on Thursday morning, seizing 16 mobile phones, numerous SIM cards, identification information, and various electronic storage devices.
Police arrested a 43-year-old Nigerian man at the facility, expected to allege in court he was the ringleader, coordinating BEC scams to the value of more than AU$3 million.
He was charged specifically with knowingly direct activities of criminal group, two counts of knowingly dealing with proceeds of crime, and possessing identity info to commit an indictable offence.
Strike Force Woolana was earlier this year stood up by the State Crime Command's Cybercrime Squad to investigate organised criminal syndicates involved in fraudulent activities, including BEC, identity theft, romance scams, and the fraudulent sale of goods.
Leading up to the arrest at Villawood, the strike force had charged three others over their involvement in the alleged fraud ring.
A 36-year-old Kingswood woman was charged on Tuesday with 11 counts of knowingly dealing with the proceeds of crime; a 20-year-old Chester Hill man was on Wednesday charged with seven counts of recklessly dealing with the proceeds of crime, possess identity information with intent to commit an indictable offence, and possessing drug implements; and a 20-year-old woman also from Chester Hill was charged with knowingly dealing with the proceeds of crime.
Search warrants were executed shortly after each arrest, which resulted in the seizing of computers, electronic storage devices, mobile phones, SIM cards, and documentation, as well as a vehicle believed to have been purchased with proceeds of crime.
Police will allege in court that the three individuals were involved in the laundering of more than AU$480,000, AU$90,000, and AU$17,000, respectively, all fraudulently obtained through business email compromises.
See also: The Business Email Compromise Guide [PDF download] (TechPro Research)
The arrest follows a Nigerian resident on Tuesday being ordered to pay back $2.5 million in damages and serve five years in prison for running BEC scams which sought to defraud victims out of $25 million.
Onyekachi Emmanual Opara was sentenced in a Manhattan, New York federal court for his crimes.
Between 2014 and 2016, Opara and co-defendant David Chukwuneke Adindu operated a number of BEC scams. While operating from Lagos, Nigeria, the scams targeted victims worldwide, including in the US, UK, Australia, New Zealand, and Singapore.
Cybercrime Squad Commander Detective Superintendent Arthur Katsogiannis on Friday urged businesses to review their electronic account payment practices to better protect themselves against scams.
"In this day and age, most companies use electronic accounting systems and pay accounts electronically, which can make them susceptible to business email compromise scams," Katsogiannis said.
"We would encourage all businesses to develop systems to combat against scams, including scrutiny of email requests to transfer funds or change account details, and standard procedures to follow to protect against business email compromises."
Meanwhile, Border Force Detention Operations Commander Bill Ries said the ABF has been making the case for some time for powers to remove phones from detainees within immigration detention centres.
"We know phones can be used to coordinate escape efforts, as a commodity of exchange, to facilitate the movement of contraband, to convey threats and, in this case, to organise significant criminal activity outside our centres," he said.
"The continued use of phones in detention poses a significant threat to our staff, to detainees and the broader community."
The Australian Competition and Consumer Commission (ACCC) reported Australians lost a total of AU$340 million to scammers in 2017, the highest loss since stats were recorded.
More than 200,000 scam reports were submitted to the ACCC, the Australian Cybercrime Online Reporting Network (ACORN), and other federal and state-based government agencies in 2017.
Investment scams topped the losses at AU$64 million; while dating and romance scams caused the second-greatest losses, at AU$42 million.
PREVIOUS AND RELATED COVERAGE
Based on a sample set of business email compromise data, Trend Micro revealed that cybercriminals fooled the CEO position the most, while CFOs and finance directors were the top targets of attacks.
IBM has uncovered sophisticated campaigns which are successfully targeting Fortune 500 companies.
More businesses are being tricked into sending millions of dollars to cybercriminals, but the criminals often betray themselves through lax operational security.
Business email compromise attacks have led to billions in fraud losses in recent years, according to a Barracuda report. Here's how to avoid them.